Everybody be cool this is a roppery!

Black Hat USA 2010

Presented by: Vincenzo Iozzo, Tim Kornau, Ralf-Philipp Weinmann
Date: Wednesday July 28, 2010
Time: 15:15 - 16:30
Location: Augustus 3+4
Track: Mobile

Return-oriented programming is one of the most advanced attack techniques available today. This talk presents algorithms which allow an attacker to search for and compose gadgets regardless of the underlying architecture using the REIL meta language. We show a return-oriented compiler for the ARM architecture as a proof-of-concept implementation of the algorithms developed and discuss applications to the iPhoneOS platform. This compiler accepts inputs in an assembly-like language, simplifying the otherwise tedious process of selecting gadgets by hand. This enables the researcher to focus on the other parts of successful exploitation by minimizing the shellcode development time.

Vincenzo Iozzo

Zynamics

Vincenzo Iozzo is a student at the Politecnico di Milano, where he does research on malware and IDS. He is involved in a number of open source projects, including FreeBSD through Google Summer of Code. He works as a reverse engineer for Zynamics GmbH.

Ralf-Philipp Weinmann

University of Luxembourg

Ralf-Philipp Weinmann is a cryptologist by day and a reverse engineer by night. He studied and obtained his Ph.D. at the Technical University of Darmstadt and is currently a post-doctoral researcher at the LACS laboratory of the University of Luxembourg.

Tim Kornau

Zynamics

Tim Kornau is a developer and researcher at zynamics GmbH. He studied at the Ruhr-University in Bochum, Germany, and holds a master's degree in IT security. He has given lectures at the Ruhr-University Bochum, mostly about offensive computer security and malware research.

